Refactor archivers (#3820)

* Create archiver-common.inc * add apparmor to archiver-common.inc * refactor 7z.profile * refactor ar.profile * refactor atool.profile * refactor bsdtar.profile * refactor cpio.profile * refactor gzip.profile * refactor tar.profile * refactor unrar.profile * refactor unzip.profile * refactor xzdec.profile * refactor zstd.profile * rewording * blacklist ${RUNUSER} in archiver-common.inc Thanks to @rusty-snake for suggesting this. * drop non-sensical ${RUNUSER}/wayland-* blacklisting in archiver-common.inc See discussion in https://github.com/netblue30/firejail/pull/3820#discussion_r543523343
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-12-15 19:05:54 +0000
committer: GitHub <noreply@github.com> 2020-12-15 19:05:54 +0000
commit: 4a40e2a5f2009cf282dd783e73e1fb860ac758ba (patch)
tree: 98ab549570bd67a4987bb2b1ad019b372c205f54 /etc/profile-a-l/ar.profile
parent: Runuser fixes (#3826) (diff)
download: firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.gz
firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.zst
firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.zip
1 files changed, 1 insertions, 37 deletions
diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile
index 183587ff8..a600eddef 100644
--- a/etc/profile-a-l/ar.profile
+++ b/etc/profile-a-l/ar.profile
@@ -7,42 +7,6 @@ include ar.local
 # Persistent global definitions
 include globals.local
-blacklist ${RUNUSER}/wayland-*
+include archiver-common.inc
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-shell.inc
-apparmor
-caps.drop all
-hostname ar
-ipc-namespace
-machine-id
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-#noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
 private-bin ar
-private-cache
-private-dev
-dbus-user none
-dbus-system none
-memory-deny-write-execute
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-12-15 19:05:54 +0000
committer	GitHub <noreply@github.com>	2020-12-15 19:05:54 +0000
commit	4a40e2a5f2009cf282dd783e73e1fb860ac758ba (patch)
tree	98ab549570bd67a4987bb2b1ad019b372c205f54 /etc/profile-a-l/ar.profile
parent	Runuser fixes (#3826) (diff)
download	firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.gz firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.zst firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.zip

diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile index 183587ff8..a600eddef 100644 --- a/etc/profile-a-l/ar.profile +++ b/etc/profile-a-l/ar.profile
@@ -7,42 +7,6 @@ include ar.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
10	blacklist ${RUNUSER}/wayland-*	10	include archiver-common.inc
11
12	include disable-common.inc
13	include disable-devel.inc
14	include disable-exec.inc
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	include disable-programs.inc
18	include disable-shell.inc
19
20	apparmor
21	caps.drop all
22	hostname ar
23	ipc-namespace
24	machine-id
25	net none
26	no3d
27	nodvd
28	nogroups
29	nonewprivs
30	#noroot
31	nosound
32	notv
33	nou2f
34	novideo
35	protocol unix
36	seccomp
37	shell none
38	tracelog
39	x11 none
40		11
41	private-bin ar	12	private-bin ar
42	private-cache
43	private-dev
44
45	dbus-user none
46	dbus-system none
47
48	memory-deny-write-execute